Spam levels are down slightly in 2008, but Web-based attacks are skyrocketing, fueled by attackers defeating websites and tricking users of social networks, according to an annual report released by Symantec's MessageLabs.

By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

SearchSecurity.com:

To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

MessageLabs, a managed messaging security services provider that tracks spam, phishing and Web-based attacks, said the annual average spam rate was 81.2% in 2008, a decline of 3.4% from a year ago.

Nearly all the spam is being distributed by botnets. Paul Wood, a senior analyst for MessageLabs, said the spam decline can be attributed to the de-accreditation of EstDomains, an ISP suspected by many to be hosting the command and control channels for botnets and the shut down of McColo Corp., which was known to be a hosting provider for spammers and malware pushers. The Srizbi botnet, which was responsible for 50% of all spam globally was affected immediately, Wood said.

"Although Srizbi still existed, it was unable to connect to its command and control channel," he said. "Rival botnets have been taking up the slack but they haven't reached the same level they were at before."

Facebook wins spam lawsuit: A Canadian man, Adam Guerbuez must pay $873 million for hacking into the profiles of Facebook members to send them spam messages advertising porn sites and male enhancement pills.

Although Srizbi hasn't returned to its normal level of activity, Wood said it was designed to stay active and will likely find alternative hosting, bringing the volume of spam back to previous levels.

"The operations that were disrupted really as a result of community action, but it's a lot of work," Wood said.

More alarming is the use of complex Web-based malware to infiltrate social networks and target flaws in legitimate websites. The daily number of new websites containing malware rose from 1,068 in January to its peak at 5,424 in November, MessageLabs noted in its report. Attackers are turning to social networks to design extremely targeted social engineering attacks, Wood said. Spammers and phishers set up fake profiles to try to draw fake friend requests and then begin harvesting information they can use before making their move, he said.

"If they know your background and the contacts you have they could take advantage of that in their communications and so far it's been extremely successful for them," he said.

SQL injection attacks also fueled the increase. The average number of new malicious websites blocked each day rose to 2,290 in 2008 compared with 1,253 for 2007, an increase of nearly 83%, MessageLabs said. The increase can at least be partially attributed to the strength of the Asprox botnet.

Designed for phishing scams, the Asprox botnet owners tweaked it adding code that makes it target vulnerable websites, Wood said. Asprox tries to exploit a flaw in the website and then injects malicious code in the database behind the website. When a victim lands on a compromised website they don't realize malicious code is being loaded via their browser, spreading the botnet.

"These are not necessarily dodgy websites," Wood said. "It's usually Java script that tries to target a vulnerable browser in various ways, the computer gets compromised, they become part of the botnet and the trend continues."

MessageLabs, which has been tracking spam volumes and noting phishing and malware trends since 2005, said it will continue to release reports on the threat landscape. Symantec acquired MessageLabs in October. The acquisition was completed on Nov. 14.

E-Handbook

0 comments

E-Mail

Username / Password

Password

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy